This news is not exactly new, but the news may be that it has
attracted so little notice. On Sunday 2/15, thieves broke into a Best
Internet San Francisco co-location facility, cut a lock off a steel
cage, and made off with two 200-pound servers being used to test the
Shared Registry System
[1] for the Internet Council of Registrars.
CORE is nearly ready to go live with its long-debated evolution of
the domain name system, in contrast to the US government's "green
paper" solution
[2], which is months from approval and probably
years from implementation. According to a c|net account
[3], CORE
said its servers were stolen when a CORE worker scheduled to be at
the facility called in sick. There was no sign of forced entry into
the Best facility. The two Sun Enterprise 450 servers were not the
most expensive equipment in the facility, but no other cages were
disturbed. Local police are working on the case and the FBI and
CERT were notified. Emergent Corp., which is contracted by CORE to
operate the SRS, had the system back online on new servers within
30 hours. At the time of the burglary CORE was low-key and sought
to dampen speculation. They promised to put up a statement on their
Web site, but if they've done so I couldn't find it.

Sun and Microsoft kept their first court date
[4] on 2/26, and U.S.
District Judge Ronald Whyte declined to grant Sun an injunction
forbidding Microsoft from using the name Java in its products. The
judge took the question under advisement. As to when the case might
actually be adjudicated, Sun asked for a trial date in April -- of
1999.

An Australian doing business as Fortify.net
[5] is distributing a
program for Unix and Win-32 (containing no crypto code) with which
anyone can convert their export copy of Netscape Navigator into a
US-strength, 128-bit version. Netly News coverage
[6] paints the
Feds pacing and gnashing their teeth over the development, which
breaks no laws. At the Financial Cryptography conference in
Anguilla, attendees ran a contest for the most compact perl code to
effect this transformation ("Run this on your export version of
netscape 4.04 to enable strong crypto!"). Ian Goldberg, who through
his connection with the conference sports the world's coolest email
address -- n@ai -- posted a 99-byte essay, only to be trumped by a
Russian programmer who shaved it by 15 bytes. The result:

HP has obtained government approval to export systems based on its
VerSecure architecture
[7], which uses expiring software tokens to
assure that the crypto provided to each user meets local laws. (No
shippping products are based on VerSecure, and any such products
will be subject to a further government review.) The Commerce
Department license allows HP to export VerSecure-based products only
to the UK, Germany, France, Denmark, and Australia. HP's system
envisions encryption in VerSecure-based hardware -- PCs, servers,
cell phones -- only after a token exchange with a "Security Domain
Authority" clears the scrambling. Imagine SDAs as networked
encryption checkpoints run by approved organizations in each country.
Each user would obtain a software token, expiring after one year
unless renewed, that controls the strength of encryption and the
availability of key-recovery features. Token policies would be based
on the local laws prevailing in each country: for example, tokens
distributed in France would activate a back door for law
enforcement, because French law requires that feature. This Reuters story
[8] quotes a Center for Democracy and Technology spokesman calling
VerSecure a "Rube Golberg approach." (Our British cousins would say
"Heath Robinson.")

How long before some hacker finds a way around the tokens to allow
full-strength, un-escrowed encryption?

RSA has established an ongoing series of challenges
[9] to break
messages encrypted with 56-bit DES. Twice a year, on 1/13 and
7/13, the company will post a new challenge and will only pay a
winner if the message is decoded faster than it was last time.
If the new contest is beaten in less than 25% of the reference
time, the winner gets $10K; 50% pays $5K, and 75% $1K. The first
DES crack took 140 days on the calendar, but when RSA launched
DES Challenge II they set the bar higher and established a
reference time of 90 days. On 2/26 the message was decoded after 39
days by an anonymous participant working under the auspices of
distributed.net
[10]. The secret message was "Many hands make
light work." Distributed.net offered thanks to RSA for the
implied endorsement.

Consolidations and realigning business models are the order of the day

RCN of Princeton, NJ, known mainly for its plans to wire city
centers with fiber, is buying Virginia-based ISP Erol's and
Massachusetts-based Ultranet
[11]. The acquisitions give RCN 325,000 dialup
customers on the eastern seaboard, and should provide rich fields
for cross-selling once RCN gets their fiber alight.

Best Internet and Hiway Technologies announced plans to merge
[12].
The companies say that one advantage of combining forces will be
fail-safe access for their customers: Best (San Francisco) worries
about earthquakes and Hiway (Florida) has hurricanes to contend
with.

Netscape, smarting from competition with Microsoft, is floating a
balloon about becoming a CSP (commerce service provider)
[13] -- that
is, hosting commerce sites for customers of their back-end software.
Such talk is not going down well with Netscape's ISP and CSP
customers, and first returns from the analyst community aren't entirely
positive either. Representative quote: "It baffles me. It sounds
like a desperate move."

Teledesic is the company planning to ring the world with satellites
to make T1-or-better Internet access available at any point on the
surface
[14]. On 2/18 they launched an experimental satellite named
"T1"
[15]; the news was blacked out until 2/26. T1 is not a prototype
of the satellites Teledesic is planning, it's merely a test bed
operating in the Ka band (28.6 - 29.1 GHz) at E1 speeds (2.048
MBPS). Teledesic officially won the right to Ka frequencies last
November
[16]. T1 was put into orbit by a Pegasus rocket, launched
from underneath an airborne L-1011. The service planned when
Teledesic goes live, by the end of 2002, will be 2 MBPS upstream and 64
MBPS down.

These low-earth-orbit satellites will enable worldwide phone
services beginning this year. Fifty-one are presently in orbit. It
turns out that the satellites' antennas catch the sun and cause
"flares"
[17] visible from the ground. For minutes at a time the
satellites brighten from magnitude 6 (binoculars required) to
magnitude -2 or even -4 (brighter than Venus). This useful page
provided by the German Space Operations Centre
[18] will calculate
for you the next seven Iridium flares visible from your location.
(Their initial mission was to calculate and display appearances of
the Mir satellite.) First you need to say exactly where on earth
you are. Using the Census Bureau's Tiger Mapping Service
[19] you
can pinpoint a spot in the US to 4 decimal places of latitude and
longitude, or within about 50 feet. Start at this atlas of place
names
[20] for rough coordinates that you can feed to the Tiger
for refinement.

Note added 1998-03-04:
Tom Szymanski wrote to point out an error (corrected above): 4
decimal places of latitude/longitude is about 50 feet, not about 6
feet as I had originally written. Szymanski also noted limitations
to the accuracy of the Tiger Mapping Service: "The bottom line is
that all digits after the 3rd decimal place are suspect." While
Tiger's accuracy is sufficient for sighting Iridium flares, it can't
pinpoint you much closer than about 300 feet. "Tiger maps were
designed to keep census workers from getting lost, not
surveyors." Szymanski quotes from the Tiger documentation:

Coordinates in Tiger files have six implied decimal places.
The positional accuracy of these coordinates in not as great
as the six decimal places suggest. The positional accuracy
varies with the source material used, but at best meets the
established National Map Accuracy standards (approximately
+/- 167 feet). ... The Census Bureau can not specify the accuracy
of [list of other information sources used to make Tiger maps].

The largest prime number now known is 2^23021377 - 1. It was
discovered by Roland Clarkson, one of 4,000 current participants in GIMPS
[21], using a Pentium box running code written by George Woltman (who
is mersenne.org). This is the first Mersenne prime discovered using
Scott Kurowski's Internet software and server
[22], which coordinates
the large number of volunteer computers. When last we visited GIMPS
(see TBTF for 1997-09-08
[23]), the previous record-holder, M-36, had
just been uncovered. This new Mersenne prime is only a tiny bit
larger, relatively speaking, at 909,526 digits vs. 895,932. You can
download the number itself
[24] from mersenne.org. This file is, of
course, about a megabyte in size.

Researchers at the Weizmann Institute have demonstrated
[25], and
controlled, one of the strange everyday home truths of the quantum
world -- that the act of observing something perturbs it. In this
case, what is perturbed is the tendency of electrons to act like
waves. The Israeli researchers have produced a tunable sensor that
can watch which of two openings electrons go through. When the
sensor is fully "alert," each electron provably goes through one
opening or the other. When the sensor is not "looking," electrons go
through both openings in a wavelike way and interfere on the other
side. Such control over this basic quantum phenomenon could be
important to devices built of quantum parts, for example the chips
described in TBTF tor 1998-02-23
[26]. Thanks for the story suggestion
to Eliyahu Skoczylas <eliyahu at photonet dot com>.

This page
[27] reports the latest results of Alta Vista searches
counting Web pages that make assertions such as "MacOS sucks" or
"Unix rules." Right now Unix is way ahead in the Sucks/Rules ratio,
and Linux is far ahead of Windows. This page
[28], in contrast,
dispenses with any pretense of fairness or sampling and baldly asserts
that all operating systems suck.

When the power goes out for a week (and counting) in an El Nino summer

Peter Gutmann (who outed Microsoft's naked emperor of security --
see TBTF for 1998-01-26
[29]) is writing an ongoing account
[30] of the
anguish Auckland, New Zealand is going through after losing all power
to the central city. Four cables all failed. Gutman is unsparing in
his gaze at the recent practices of the power company, Mercury
Energy, which has spent $300M on a failed attempted takeover of a
rival energy company while eliminating excess capacity and waste of
the sort that we might have referred to, in an ealier and less
enlightened age, as safety margins. Some excerpts:

The following writeup is a (hopefully) more balanced view of
what's going on than the one being provided through official
channels.

The city of Auckland has... four 110kV cables feeding the
central business district... The suspicion is that the El Nino
summer has dried out and heated the ground so that vibration
and ground movement (shrinkage) have damaged the cables.

Mercury ran an emergency feed for several miles over a string
of poles, which had hardly been completed when the second
cable failed. They then tried to force a full load over the
remaining cables by management will-power alone, which
unfortunately wasn't enough to overcome the basic laws of
physics, and everything which was left failed as well.

I think I'll join the class action suits; the fact that the
university machines are down means that I've had to use tin
to read news for nearly a week, that's got to be worth
several hundred thousand dollars compensation for mental anguish.

Q -- How many Aucklanders does it take to change a lightbulb?
A -- Does it matter?